From 22b87be4d45485045735a5a62100e063d07955b1 Mon Sep 17 00:00:00 2001 From: qiaoli Date: Thu, 27 Jul 2023 22:29:57 +0000 Subject: Allow ondevicepersonalization to use libcrypto Bug: 241799297 Test: mma Change-Id: I65a6109d6593213a21143f315c08ec0cf6acaa4d --- Android.bp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Android.bp b/Android.bp index 2ca2b75b..acb2b89a 100644 --- a/Android.bp +++ b/Android.bp @@ -161,6 +161,7 @@ cc_object { "com.android.compos", "com.android.conscrypt", "com.android.extservices", + "com.android.ondevicepersonalization", "com.android.resolv", "com.android.virt", ], @@ -302,6 +303,7 @@ cc_library { "com.android.conscrypt", "com.android.extservices", "com.android.resolv", + "com.android.ondevicepersonalization", "com.android.virt", ], min_sdk_version: "29", -- cgit v1.2.3 From 8f0d203ff4baaec115f7fa9d736919ef2459e6d4 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 31 Jul 2023 21:17:48 +0000 Subject: MD5 and SHA-1 are not actually approved in the TLS KDF. Cherry-picked direct to UDC branches for FIPS certification, these changes already landed in main as part of change I29bdd7d2dd6800e9dbcb5da82deb4faf36cc43d9. They are NIST hash functions, but this service indicator function is specific to their use in the TLS KDF. Bug: 295523306 Test: mm Change-Id: I5a1f9d2865813f436a8e2a7548dffefcb2813c5f Merged-In: I29bdd7d2dd6800e9dbcb5da82deb4faf36cc43d9 (cherry picked from commit 04487c4e98fd34f1bfcc7ae3757efbaff7b26e4e) --- .../fipsmodule/service_indicator/service_indicator.c | 11 ++++------- .../service_indicator/service_indicator_test.cc | 18 ++---------------- 2 files changed, 6 insertions(+), 23 deletions(-) diff --git a/src/crypto/fipsmodule/service_indicator/service_indicator.c b/src/crypto/fipsmodule/service_indicator/service_indicator.c index b1ea28e8..64325bea 100644 --- a/src/crypto/fipsmodule/service_indicator/service_indicator.c +++ b/src/crypto/fipsmodule/service_indicator/service_indicator.c @@ -303,14 +303,11 @@ void HMAC_verify_service_indicator(const EVP_MD *evp_md) { } void TLSKDF_verify_service_indicator(const EVP_MD *md) { - // HMAC-MD5, HMAC-SHA1, and HMAC-MD5/HMAC-SHA1 (both used concurrently) are - // approved for use in the KDF in TLS 1.0/1.1. - // HMAC-SHA{256, 384, 512} are approved for use in the KDF in TLS 1.2. - // These Key Derivation functions are to be used in the context of the TLS - // protocol. + // HMAC-MD5/HMAC-SHA1 (both used concurrently) is approved for use in the KDF + // in TLS 1.0/1.1. HMAC-SHA{256, 384, 512} are approved for use in the KDF in + // TLS 1.2. These Key Derivation functions are to be used in the context of + // the TLS protocol. switch (EVP_MD_type(md)) { - case NID_md5: - case NID_sha1: case NID_md5_sha1: case NID_sha256: case NID_sha384: diff --git a/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc b/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc index 4389b981..41f263db 100644 --- a/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc +++ b/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc @@ -422,24 +422,12 @@ static const uint8_t kTLSSeed2[16] = { 0x31, 0x1e, 0x2b, 0x21, 0x41, 0x8d, 0x32, 0x81, }; -static const uint8_t kTLSOutput_mdsha1[32] = { +static const uint8_t kTLSOutput_md5_sha1[32] = { 0x36, 0xa9, 0x31, 0xb0, 0x43, 0xe3, 0x64, 0x72, 0xb9, 0x47, 0x54, 0x0d, 0x8a, 0xfc, 0xe3, 0x5c, 0x1c, 0x15, 0x67, 0x7e, 0xa3, 0x5d, 0xf2, 0x3a, 0x57, 0xfd, 0x50, 0x16, 0xe1, 0xa4, 0xa6, 0x37, }; -static const uint8_t kTLSOutput_md[32] = { - 0x79, 0xef, 0x46, 0xc4, 0x35, 0xbc, 0xe5, 0xda, 0xd3, 0x66, 0x91, - 0xdc, 0x86, 0x09, 0x41, 0x66, 0xf2, 0x0c, 0xeb, 0xe6, 0xab, 0x5c, - 0x58, 0xf4, 0x65, 0xce, 0x2f, 0x5f, 0x4b, 0x34, 0x1e, 0xa1, -}; - -static const uint8_t kTLSOutput_sha1[32] = { - 0xbb, 0x0a, 0x73, 0x52, 0xf8, 0x85, 0xd7, 0xbd, 0x12, 0x34, 0x78, - 0x3b, 0x54, 0x4c, 0x75, 0xfe, 0xd7, 0x23, 0x6e, 0x22, 0x3f, 0x42, - 0x34, 0x99, 0x57, 0x6b, 0x14, 0xc4, 0xc8, 0xae, 0x9f, 0x4c, -}; - static const uint8_t kTLSOutput_sha224[32] = { 0xdd, 0xaf, 0x6f, 0xaa, 0xd9, 0x2b, 0x3d, 0xb9, 0x46, 0x4c, 0x55, 0x8a, 0xf7, 0xa6, 0x9b, 0x0b, 0x35, 0xcc, 0x07, 0xa7, 0x55, 0x5b, @@ -1783,9 +1771,7 @@ static const struct KDFTestVector { const uint8_t *expected_output; const FIPSStatus expect_approved; } kKDFTestVectors[] = { - {EVP_md5, kTLSOutput_md, FIPSStatus::APPROVED}, - {EVP_sha1, kTLSOutput_sha1, FIPSStatus::APPROVED}, - {EVP_md5_sha1, kTLSOutput_mdsha1, FIPSStatus::APPROVED}, + {EVP_md5_sha1, kTLSOutput_md5_sha1, FIPSStatus::APPROVED}, {EVP_sha224, kTLSOutput_sha224, FIPSStatus::NOT_APPROVED}, {EVP_sha256, kTLSOutput_sha256, FIPSStatus::APPROVED}, {EVP_sha384, kTLSOutput_sha384, FIPSStatus::APPROVED}, -- cgit v1.2.3 From 9face09a03c8921bf46d0707a013717a4e3e0102 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 31 Jul 2023 21:55:28 +0000 Subject: Split TLS 1.0 and 1.2 self checks. Cherry-picked direct to UDC branches for FIPS certification, these changes already landed in main as part of change I29bdd7d2dd6800e9dbcb5da82deb4faf36cc43d9. While it's the same code path, NIST may consider these different functions and thus want separate checks for them. Bug: 295523306 Test: mm Change-Id: Ic391b5e656b22c5e11d94ec22398346669833bd9 Merged-In: I29bdd7d2dd6800e9dbcb5da82deb4faf36cc43d9 (cherry picked from commit 7ae2b910c13017b63f1a8bd6c8decfce692869b0) --- src/crypto/fipsmodule/self_check/self_check.c | 55 +++++++++++++++++++-------- src/util/fipstools/break-kat.go | 5 +-- src/util/fipstools/test_fips.c | 13 +++++++ 3 files changed, 54 insertions(+), 19 deletions(-) diff --git a/src/crypto/fipsmodule/self_check/self_check.c b/src/crypto/fipsmodule/self_check/self_check.c index 525cd169..edfef6d4 100644 --- a/src/crypto/fipsmodule/self_check/self_check.c +++ b/src/crypto/fipsmodule/self_check/self_check.c @@ -918,11 +918,6 @@ static int boringssl_self_test_fast(void) { } // TLS KDF KAT - static const uint8_t kTLSSecret[32] = { - 0xab, 0xc3, 0x65, 0x7b, 0x09, 0x4c, 0x76, 0x28, 0xa0, 0xb2, 0x82, - 0x99, 0x6f, 0xe7, 0x5a, 0x75, 0xf4, 0x98, 0x4f, 0xd9, 0x4d, 0x4e, - 0xcc, 0x2f, 0xcf, 0x53, 0xa2, 0xc4, 0x69, 0xa3, 0xf7, 0x31, - }; static const char kTLSLabel[] = "FIPS self test"; static const uint8_t kTLSSeed1[16] = { 0x8f, 0x0d, 0xe8, 0xb6, 0x90, 0x8f, 0xb1, 0xd2, @@ -932,17 +927,45 @@ static int boringssl_self_test_fast(void) { 0x7d, 0x24, 0x1a, 0x9d, 0x3c, 0x59, 0xbf, 0x3c, 0x31, 0x1e, 0x2b, 0x21, 0x41, 0x8d, 0x32, 0x81, }; - static const uint8_t kTLSOutput[32] = { - 0xe2, 0x1d, 0xd6, 0xc2, 0x68, 0xc7, 0x57, 0x03, 0x2c, 0x2c, 0xeb, - 0xbb, 0xb8, 0xa9, 0x7d, 0xe9, 0xee, 0xe6, 0xc9, 0x47, 0x83, 0x0a, - 0xbd, 0x11, 0x60, 0x5d, 0xd5, 0x2c, 0x47, 0xb6, 0x05, 0x88, + + static const uint8_t kTLS10Secret[32] = { + 0xab, 0xc3, 0x65, 0x7b, 0x09, 0x4c, 0x76, 0x28, 0xa0, 0xb2, 0x82, + 0x99, 0x6f, 0xe7, 0x5a, 0x75, 0xf4, 0x98, 0x4f, 0xd9, 0x4d, 0x4e, + 0xcc, 0x2f, 0xcf, 0x53, 0xa2, 0xc4, 0x69, 0xa3, 0xf7, 0x31, + }; + static const uint8_t kTLS10Output[32] = { + 0x69, 0x7c, 0x4e, 0x2c, 0xee, 0x82, 0xb1, 0xd2, 0x8b, 0xac, 0x90, + 0x7a, 0xa1, 0x8a, 0x81, 0xfe, 0xc5, 0x58, 0x45, 0x57, 0x61, 0x2f, + 0x7a, 0x8d, 0x80, 0xfb, 0x44, 0xd8, 0x81, 0x60, 0xe5, 0xf8, + }; + uint8_t tls10_output[sizeof(kTLS10Output)]; + if (!CRYPTO_tls1_prf(EVP_md5_sha1(), tls10_output, sizeof(tls10_output), + kTLS10Secret, sizeof(kTLS10Secret), kTLSLabel, + sizeof(kTLSLabel), kTLSSeed1, sizeof(kTLSSeed1), + kTLSSeed2, sizeof(kTLSSeed2)) || + !check_test(kTLS10Output, tls10_output, sizeof(kTLS10Output), + "TLS10-KDF KAT")) { + fprintf(stderr, "TLS KDF failed.\n"); + goto err; + } + + static const uint8_t kTLS12Secret[32] = { + 0xc5, 0x43, 0x8e, 0xe2, 0x6f, 0xd4, 0xac, 0xbd, 0x25, 0x9f, 0xc9, + 0x18, 0x55, 0xdc, 0x69, 0xbf, 0x88, 0x4e, 0xe2, 0x93, 0x22, 0xfc, + 0xbf, 0xd2, 0x96, 0x6a, 0x46, 0x23, 0xd4, 0x2e, 0xc7, 0x81, + }; + static const uint8_t kTLS12Output[32] = { + 0xee, 0x4a, 0xcd, 0x3f, 0xa3, 0xd3, 0x55, 0x89, 0x9e, 0x6f, 0xf1, + 0x38, 0x46, 0x9d, 0x2b, 0x33, 0xaa, 0x7f, 0xc4, 0x7f, 0x51, 0x85, + 0x8a, 0xf3, 0x13, 0x84, 0xbf, 0x53, 0x6a, 0x65, 0x37, 0x51, }; - uint8_t tls_output[sizeof(kTLSOutput)]; - if (!CRYPTO_tls1_prf(EVP_sha256(), tls_output, sizeof(tls_output), kTLSSecret, - sizeof(kTLSSecret), kTLSLabel, sizeof(kTLSLabel), - kTLSSeed1, sizeof(kTLSSeed1), kTLSSeed2, - sizeof(kTLSSeed2)) || - !check_test(kTLSOutput, tls_output, sizeof(kTLSOutput), "TLS-KDF KAT")) { + uint8_t tls12_output[sizeof(kTLS12Output)]; + if (!CRYPTO_tls1_prf(EVP_sha256(), tls12_output, sizeof(tls12_output), + kTLS12Secret, sizeof(kTLS12Secret), kTLSLabel, + sizeof(kTLSLabel), kTLSSeed1, sizeof(kTLSSeed1), + kTLSSeed2, sizeof(kTLSSeed2)) || + !check_test(kTLS12Output, tls12_output, sizeof(kTLS12Output), + "TLS12-KDF KAT")) { fprintf(stderr, "TLS KDF failed.\n"); goto err; } @@ -983,7 +1006,7 @@ static int boringssl_self_test_fast(void) { !check_test(kTLS13ExpandLabelOutput, tls13_expand_label_output, sizeof(kTLS13ExpandLabelOutput), "CRYPTO_tls13_hkdf_expand_label")) { - fprintf(stderr, "TLSv1.3 KDF failed.\n"); + fprintf(stderr, "TLS13-KDF failed.\n"); goto err; } diff --git a/src/util/fipstools/break-kat.go b/src/util/fipstools/break-kat.go index e4d323ab..67c33002 100644 --- a/src/util/fipstools/break-kat.go +++ b/src/util/fipstools/break-kat.go @@ -1,5 +1,3 @@ -//go:build - // break-kat corrupts a known-answer-test input in a binary and writes the // corrupted binary to stdout. This is used to demonstrate that the KATs in the // binary notice the error. @@ -27,7 +25,8 @@ var ( "SHA-1": "132fd9bad5c1826263bafbb699f707a5", "SHA-256": "ff3b857da7236a2baa0f396b51522217", "SHA-512": "212512f8d2ad8322781c6c4d69a9daa1", - "TLS-KDF": "abc3657b094c7628a0b282996fe75a75f4984fd94d4ecc2fcf53a2c469a3f731", + "TLS10-KDF": "abc3657b094c7628a0b282996fe75a75f4984fd94d4ecc2fcf53a2c469a3f731", + "TLS12-KDF": "c5438ee26fd4acbd259fc91855dc69bf884ee29322fcbfd2966a4623d42ec781", "TLS13-KDF": "024a0d80f357f2499a1244dac26dab66fc13ed85fca71dace146211119525874", "RSA-sign": "d2b56e53306f720d7929d8708bf46f1c22300305582b115bedcac722d8aa5ab2", "RSA-verify": "abe2cbc13d6bd39d48db5334ddbf8d070a93bdcb104e2cc5d0ee486ee295f6b31bda126c41890b98b73e70e6b65d82f95c663121755a90744c8d1c21148a1960be0eca446e9ff497f1345c537ef8119b9a4398e95c5c6de2b1c955905c5299d8ce7a3b6ab76380d9babdd15f610237e1f3f2aa1c1f1e770b62fbb596381b2ebdd77ecef9c90d4c92f7b6b05fed2936285fa94826e62055322a33b6f04c74ce69e5d8d737fb838b79d2d48e3daf71387531882531a95ac964d02ea413bf85952982bbc089527daff5b845c9a0f4d14ef1956d9c3acae882d12da66da0f35794f5ee32232333517db9315232a183b991654dbea41615345c885325926744a53915", diff --git a/src/util/fipstools/test_fips.c b/src/util/fipstools/test_fips.c index 3a1f7fce..13b8d7d3 100644 --- a/src/util/fipstools/test_fips.c +++ b/src/util/fipstools/test_fips.c @@ -291,6 +291,19 @@ int main(int argc, char **argv) { printf(" got "); hexdump(hkdf_output, sizeof(hkdf_output)); + /* TLS v1.0 KDF */ + printf("About to run TLS v1.0 KDF\n"); + uint8_t tls10_output[32]; + if (!CRYPTO_tls1_prf(EVP_md5_sha1(), tls10_output, sizeof(tls10_output), + kAESKey, sizeof(kAESKey), "foo", 3, kPlaintextSHA256, + sizeof(kPlaintextSHA256), kPlaintextSHA256, + sizeof(kPlaintextSHA256))) { + fprintf(stderr, "TLS v1.0 KDF failed.\n"); + goto err; + } + printf(" got "); + hexdump(tls10_output, sizeof(tls10_output)); + /* TLS v1.2 KDF */ printf("About to run TLS v1.2 KDF\n"); uint8_t tls12_output[32]; -- cgit v1.2.3 From d86ea70511816a70178e903dd788ff675b1b26d7 Mon Sep 17 00:00:00 2001 From: Jorge Saldivar Date: Thu, 30 Nov 2023 20:04:11 +0000 Subject: Expose libcrypto_static to adservices & extservices Bug: 308651557 AdServices uses libcrypto to access HPKE. ExtServices uses AdServices to enable backward compatibility with Android 30, 31, and 32. Encryption works in versions 31 and later, but fails in version 30. The libcrypto.so file located in /system/lib64 does not have HPKE until version 31. The issue can be resolved by using libcrypto_static, so the library could be packaged within the APK. Test: mma (cherry picked from https://android-review.googlesource.com/q/commit:d818e486f9fb668b852443fa2f1f846677bbea40) Merged-In: I371500ee792a23c74431cd3ab57d05def26ac093 Change-Id: I7f96d8b0b76868201f66dd18d487074d2f45bbd3 --- Android.bp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Android.bp b/Android.bp index 211f7125..4032421b 100644 --- a/Android.bp +++ b/Android.bp @@ -366,6 +366,7 @@ cc_library_static { "//hardware/interfaces/keymaster/4.0/vts/functional", "//hardware/interfaces/keymaster/4.1/vts/functional", "//packages/modules/adb", + "//packages/modules/AdServices:__subpackages__", "//packages/modules/DnsResolver/tests:__subpackages__", "//packages/modules/NeuralNetworks:__subpackages__", "//system/core/init", @@ -380,6 +381,8 @@ cc_library_static { min_sdk_version: "29", apex_available: [ "//apex_available:platform", + "com.android.adservices", + "com.android.extservices", "com.android.neuralnetworks", ], defaults: [ -- cgit v1.2.3 From 8c5c1d81a95e89ece1aba12216e14854977ced30 Mon Sep 17 00:00:00 2001 From: Jorge Saldivar Date: Thu, 30 Nov 2023 20:04:11 +0000 Subject: Expose libcrypto_static to adservices & extservices Bug: 308651557 AdServices uses libcrypto to access HPKE. ExtServices uses AdServices to enable backward compatibility with Android 30, 31, and 32. Encryption works in versions 31 and later, but fails in version 30. The libcrypto.so file located in /system/lib64 does not have HPKE until version 31. The issue can be resolved by using libcrypto_static, so the library could be packaged within the APK. Test: mma (cherry picked from https://android-review.googlesource.com/q/commit:d818e486f9fb668b852443fa2f1f846677bbea40) Merged-In: I7f96d8b0b76868201f66dd18d487074d2f45bbd3 Change-Id: I7f96d8b0b76868201f66dd18d487074d2f45bbd3 --- Android.bp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Android.bp b/Android.bp index acb2b89a..ca39dca1 100644 --- a/Android.bp +++ b/Android.bp @@ -375,6 +375,7 @@ cc_library_static { "//hardware/interfaces/keymaster/4.0/vts/functional", "//hardware/interfaces/keymaster/4.1/vts/functional", "//packages/modules/adb", + "//packages/modules/AdServices:__subpackages__", "//packages/modules/Bluetooth:__subpackages__", "//packages/modules/DnsResolver/tests:__subpackages__", "//packages/modules/NeuralNetworks:__subpackages__", @@ -389,6 +390,8 @@ cc_library_static { min_sdk_version: "29", apex_available: [ "//apex_available:platform", + "com.android.adservices", + "com.android.extservices", "com.android.neuralnetworks", ], defaults: [ -- cgit v1.2.3